xref: /openbmc/linux/net/9p/trans_fd.c (revision 2bdd5238)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * linux/fs/9p/trans_fd.c
4  *
5  * Fd transport layer.  Includes deprecated socket layer.
6  *
7  *  Copyright (C) 2006 by Russ Cox <rsc@swtch.com>
8  *  Copyright (C) 2004-2005 by Latchesar Ionkov <lucho@ionkov.net>
9  *  Copyright (C) 2004-2008 by Eric Van Hensbergen <ericvh@gmail.com>
10  *  Copyright (C) 1997-2002 by Ron Minnich <rminnich@sarnoff.com>
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <linux/in.h>
16 #include <linux/module.h>
17 #include <linux/net.h>
18 #include <linux/ipv6.h>
19 #include <linux/kthread.h>
20 #include <linux/errno.h>
21 #include <linux/kernel.h>
22 #include <linux/un.h>
23 #include <linux/uaccess.h>
24 #include <linux/inet.h>
25 #include <linux/idr.h>
26 #include <linux/file.h>
27 #include <linux/parser.h>
28 #include <linux/slab.h>
29 #include <linux/seq_file.h>
30 #include <net/9p/9p.h>
31 #include <net/9p/client.h>
32 #include <net/9p/transport.h>
33 
34 #include <linux/syscalls.h> /* killme */
35 
36 #define P9_PORT 564
37 #define MAX_SOCK_BUF (1024*1024)
38 #define MAXPOLLWADDR	2
39 
40 static struct p9_trans_module p9_tcp_trans;
41 static struct p9_trans_module p9_fd_trans;
42 
43 /**
44  * struct p9_fd_opts - per-transport options
45  * @rfd: file descriptor for reading (trans=fd)
46  * @wfd: file descriptor for writing (trans=fd)
47  * @port: port to connect to (trans=tcp)
48  * @privport: port is privileged
49  */
50 
51 struct p9_fd_opts {
52 	int rfd;
53 	int wfd;
54 	u16 port;
55 	bool privport;
56 };
57 
58 /*
59   * Option Parsing (code inspired by NFS code)
60   *  - a little lazy - parse all fd-transport options
61   */
62 
63 enum {
64 	/* Options that take integer arguments */
65 	Opt_port, Opt_rfdno, Opt_wfdno, Opt_err,
66 	/* Options that take no arguments */
67 	Opt_privport,
68 };
69 
70 static const match_table_t tokens = {
71 	{Opt_port, "port=%u"},
72 	{Opt_rfdno, "rfdno=%u"},
73 	{Opt_wfdno, "wfdno=%u"},
74 	{Opt_privport, "privport"},
75 	{Opt_err, NULL},
76 };
77 
78 enum {
79 	Rworksched = 1,		/* read work scheduled or running */
80 	Rpending = 2,		/* can read */
81 	Wworksched = 4,		/* write work scheduled or running */
82 	Wpending = 8,		/* can write */
83 };
84 
85 struct p9_poll_wait {
86 	struct p9_conn *conn;
87 	wait_queue_entry_t wait;
88 	wait_queue_head_t *wait_addr;
89 };
90 
91 /**
92  * struct p9_conn - fd mux connection state information
93  * @mux_list: list link for mux to manage multiple connections (?)
94  * @client: reference to client instance for this connection
95  * @err: error state
96  * @req_list: accounting for requests which have been sent
97  * @unsent_req_list: accounting for requests that haven't been sent
98  * @rreq: read request
99  * @wreq: write request
100  * @req: current request being processed (if any)
101  * @tmp_buf: temporary buffer to read in header
102  * @rc: temporary fcall for reading current frame
103  * @wpos: write position for current frame
104  * @wsize: amount of data to write for current frame
105  * @wbuf: current write buffer
106  * @poll_pending_link: pending links to be polled per conn
107  * @poll_wait: array of wait_q's for various worker threads
108  * @pt: poll state
109  * @rq: current read work
110  * @wq: current write work
111  * @wsched: ????
112  *
113  */
114 
115 struct p9_conn {
116 	struct list_head mux_list;
117 	struct p9_client *client;
118 	int err;
119 	struct list_head req_list;
120 	struct list_head unsent_req_list;
121 	struct p9_req_t *rreq;
122 	struct p9_req_t *wreq;
123 	char tmp_buf[7];
124 	struct p9_fcall rc;
125 	int wpos;
126 	int wsize;
127 	char *wbuf;
128 	struct list_head poll_pending_link;
129 	struct p9_poll_wait poll_wait[MAXPOLLWADDR];
130 	poll_table pt;
131 	struct work_struct rq;
132 	struct work_struct wq;
133 	unsigned long wsched;
134 };
135 
136 /**
137  * struct p9_trans_fd - transport state
138  * @rd: reference to file to read from
139  * @wr: reference of file to write to
140  * @conn: connection state reference
141  *
142  */
143 
144 struct p9_trans_fd {
145 	struct file *rd;
146 	struct file *wr;
147 	struct p9_conn conn;
148 };
149 
150 static void p9_poll_workfn(struct work_struct *work);
151 
152 static DEFINE_SPINLOCK(p9_poll_lock);
153 static LIST_HEAD(p9_poll_pending_list);
154 static DECLARE_WORK(p9_poll_work, p9_poll_workfn);
155 
156 static unsigned int p9_ipport_resv_min = P9_DEF_MIN_RESVPORT;
157 static unsigned int p9_ipport_resv_max = P9_DEF_MAX_RESVPORT;
158 
159 static void p9_mux_poll_stop(struct p9_conn *m)
160 {
161 	unsigned long flags;
162 	int i;
163 
164 	for (i = 0; i < ARRAY_SIZE(m->poll_wait); i++) {
165 		struct p9_poll_wait *pwait = &m->poll_wait[i];
166 
167 		if (pwait->wait_addr) {
168 			remove_wait_queue(pwait->wait_addr, &pwait->wait);
169 			pwait->wait_addr = NULL;
170 		}
171 	}
172 
173 	spin_lock_irqsave(&p9_poll_lock, flags);
174 	list_del_init(&m->poll_pending_link);
175 	spin_unlock_irqrestore(&p9_poll_lock, flags);
176 
177 	flush_work(&p9_poll_work);
178 }
179 
180 /**
181  * p9_conn_cancel - cancel all pending requests with error
182  * @m: mux data
183  * @err: error code
184  *
185  */
186 
187 static void p9_conn_cancel(struct p9_conn *m, int err)
188 {
189 	struct p9_req_t *req, *rtmp;
190 	LIST_HEAD(cancel_list);
191 
192 	p9_debug(P9_DEBUG_ERROR, "mux %p err %d\n", m, err);
193 
194 	spin_lock(&m->client->lock);
195 
196 	if (m->err) {
197 		spin_unlock(&m->client->lock);
198 		return;
199 	}
200 
201 	m->err = err;
202 
203 	list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) {
204 		list_move(&req->req_list, &cancel_list);
205 	}
206 	list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
207 		list_move(&req->req_list, &cancel_list);
208 	}
209 
210 	list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
211 		p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req);
212 		list_del(&req->req_list);
213 		if (!req->t_err)
214 			req->t_err = err;
215 		p9_client_cb(m->client, req, REQ_STATUS_ERROR);
216 	}
217 	spin_unlock(&m->client->lock);
218 }
219 
220 static __poll_t
221 p9_fd_poll(struct p9_client *client, struct poll_table_struct *pt, int *err)
222 {
223 	__poll_t ret;
224 	struct p9_trans_fd *ts = NULL;
225 
226 	if (client && client->status == Connected)
227 		ts = client->trans;
228 
229 	if (!ts) {
230 		if (err)
231 			*err = -EREMOTEIO;
232 		return EPOLLERR;
233 	}
234 
235 	ret = vfs_poll(ts->rd, pt);
236 	if (ts->rd != ts->wr)
237 		ret = (ret & ~EPOLLOUT) | (vfs_poll(ts->wr, pt) & ~EPOLLIN);
238 	return ret;
239 }
240 
241 /**
242  * p9_fd_read- read from a fd
243  * @client: client instance
244  * @v: buffer to receive data into
245  * @len: size of receive buffer
246  *
247  */
248 
249 static int p9_fd_read(struct p9_client *client, void *v, int len)
250 {
251 	int ret;
252 	struct p9_trans_fd *ts = NULL;
253 	loff_t pos;
254 
255 	if (client && client->status != Disconnected)
256 		ts = client->trans;
257 
258 	if (!ts)
259 		return -EREMOTEIO;
260 
261 	if (!(ts->rd->f_flags & O_NONBLOCK))
262 		p9_debug(P9_DEBUG_ERROR, "blocking read ...\n");
263 
264 	pos = ts->rd->f_pos;
265 	ret = kernel_read(ts->rd, v, len, &pos);
266 	if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
267 		client->status = Disconnected;
268 	return ret;
269 }
270 
271 /**
272  * p9_read_work - called when there is some data to be read from a transport
273  * @work: container of work to be done
274  *
275  */
276 
277 static void p9_read_work(struct work_struct *work)
278 {
279 	__poll_t n;
280 	int err;
281 	struct p9_conn *m;
282 
283 	m = container_of(work, struct p9_conn, rq);
284 
285 	if (m->err < 0)
286 		return;
287 
288 	p9_debug(P9_DEBUG_TRANS, "start mux %p pos %zd\n", m, m->rc.offset);
289 
290 	if (!m->rc.sdata) {
291 		m->rc.sdata = m->tmp_buf;
292 		m->rc.offset = 0;
293 		m->rc.capacity = 7; /* start by reading header */
294 	}
295 
296 	clear_bit(Rpending, &m->wsched);
297 	p9_debug(P9_DEBUG_TRANS, "read mux %p pos %zd size: %zd = %zd\n",
298 		 m, m->rc.offset, m->rc.capacity,
299 		 m->rc.capacity - m->rc.offset);
300 	err = p9_fd_read(m->client, m->rc.sdata + m->rc.offset,
301 			 m->rc.capacity - m->rc.offset);
302 	p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err);
303 	if (err == -EAGAIN)
304 		goto end_clear;
305 
306 	if (err <= 0)
307 		goto error;
308 
309 	m->rc.offset += err;
310 
311 	/* header read in */
312 	if ((!m->rreq) && (m->rc.offset == m->rc.capacity)) {
313 		p9_debug(P9_DEBUG_TRANS, "got new header\n");
314 
315 		/* Header size */
316 		m->rc.size = 7;
317 		err = p9_parse_header(&m->rc, &m->rc.size, NULL, NULL, 0);
318 		if (err) {
319 			p9_debug(P9_DEBUG_ERROR,
320 				 "error parsing header: %d\n", err);
321 			goto error;
322 		}
323 
324 		if (m->rc.size >= m->client->msize) {
325 			p9_debug(P9_DEBUG_ERROR,
326 				 "requested packet size too big: %d\n",
327 				 m->rc.size);
328 			err = -EIO;
329 			goto error;
330 		}
331 
332 		p9_debug(P9_DEBUG_TRANS,
333 			 "mux %p pkt: size: %d bytes tag: %d\n",
334 			 m, m->rc.size, m->rc.tag);
335 
336 		m->rreq = p9_tag_lookup(m->client, m->rc.tag);
337 		if (!m->rreq || (m->rreq->status != REQ_STATUS_SENT)) {
338 			p9_debug(P9_DEBUG_ERROR, "Unexpected packet tag %d\n",
339 				 m->rc.tag);
340 			err = -EIO;
341 			goto error;
342 		}
343 
344 		if (!m->rreq->rc.sdata) {
345 			p9_debug(P9_DEBUG_ERROR,
346 				 "No recv fcall for tag %d (req %p), disconnecting!\n",
347 				 m->rc.tag, m->rreq);
348 			m->rreq = NULL;
349 			err = -EIO;
350 			goto error;
351 		}
352 		m->rc.sdata = m->rreq->rc.sdata;
353 		memcpy(m->rc.sdata, m->tmp_buf, m->rc.capacity);
354 		m->rc.capacity = m->rc.size;
355 	}
356 
357 	/* packet is read in
358 	 * not an else because some packets (like clunk) have no payload
359 	 */
360 	if ((m->rreq) && (m->rc.offset == m->rc.capacity)) {
361 		p9_debug(P9_DEBUG_TRANS, "got new packet\n");
362 		m->rreq->rc.size = m->rc.offset;
363 		spin_lock(&m->client->lock);
364 		if (m->rreq->status == REQ_STATUS_SENT) {
365 			list_del(&m->rreq->req_list);
366 			p9_client_cb(m->client, m->rreq, REQ_STATUS_RCVD);
367 		} else if (m->rreq->status == REQ_STATUS_FLSHD) {
368 			/* Ignore replies associated with a cancelled request. */
369 			p9_debug(P9_DEBUG_TRANS,
370 				 "Ignore replies associated with a cancelled request\n");
371 		} else {
372 			spin_unlock(&m->client->lock);
373 			p9_debug(P9_DEBUG_ERROR,
374 				 "Request tag %d errored out while we were reading the reply\n",
375 				 m->rc.tag);
376 			err = -EIO;
377 			goto error;
378 		}
379 		spin_unlock(&m->client->lock);
380 		m->rc.sdata = NULL;
381 		m->rc.offset = 0;
382 		m->rc.capacity = 0;
383 		p9_req_put(m->rreq);
384 		m->rreq = NULL;
385 	}
386 
387 end_clear:
388 	clear_bit(Rworksched, &m->wsched);
389 
390 	if (!list_empty(&m->req_list)) {
391 		if (test_and_clear_bit(Rpending, &m->wsched))
392 			n = EPOLLIN;
393 		else
394 			n = p9_fd_poll(m->client, NULL, NULL);
395 
396 		if ((n & EPOLLIN) && !test_and_set_bit(Rworksched, &m->wsched)) {
397 			p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m);
398 			schedule_work(&m->rq);
399 		}
400 	}
401 
402 	return;
403 error:
404 	p9_conn_cancel(m, err);
405 	clear_bit(Rworksched, &m->wsched);
406 }
407 
408 /**
409  * p9_fd_write - write to a socket
410  * @client: client instance
411  * @v: buffer to send data from
412  * @len: size of send buffer
413  *
414  */
415 
416 static int p9_fd_write(struct p9_client *client, void *v, int len)
417 {
418 	ssize_t ret;
419 	struct p9_trans_fd *ts = NULL;
420 
421 	if (client && client->status != Disconnected)
422 		ts = client->trans;
423 
424 	if (!ts)
425 		return -EREMOTEIO;
426 
427 	if (!(ts->wr->f_flags & O_NONBLOCK))
428 		p9_debug(P9_DEBUG_ERROR, "blocking write ...\n");
429 
430 	ret = kernel_write(ts->wr, v, len, &ts->wr->f_pos);
431 	if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
432 		client->status = Disconnected;
433 	return ret;
434 }
435 
436 /**
437  * p9_write_work - called when a transport can send some data
438  * @work: container for work to be done
439  *
440  */
441 
442 static void p9_write_work(struct work_struct *work)
443 {
444 	__poll_t n;
445 	int err;
446 	struct p9_conn *m;
447 	struct p9_req_t *req;
448 
449 	m = container_of(work, struct p9_conn, wq);
450 
451 	if (m->err < 0) {
452 		clear_bit(Wworksched, &m->wsched);
453 		return;
454 	}
455 
456 	if (!m->wsize) {
457 		spin_lock(&m->client->lock);
458 		if (list_empty(&m->unsent_req_list)) {
459 			clear_bit(Wworksched, &m->wsched);
460 			spin_unlock(&m->client->lock);
461 			return;
462 		}
463 
464 		req = list_entry(m->unsent_req_list.next, struct p9_req_t,
465 			       req_list);
466 		req->status = REQ_STATUS_SENT;
467 		p9_debug(P9_DEBUG_TRANS, "move req %p\n", req);
468 		list_move_tail(&req->req_list, &m->req_list);
469 
470 		m->wbuf = req->tc.sdata;
471 		m->wsize = req->tc.size;
472 		m->wpos = 0;
473 		p9_req_get(req);
474 		m->wreq = req;
475 		spin_unlock(&m->client->lock);
476 	}
477 
478 	p9_debug(P9_DEBUG_TRANS, "mux %p pos %d size %d\n",
479 		 m, m->wpos, m->wsize);
480 	clear_bit(Wpending, &m->wsched);
481 	err = p9_fd_write(m->client, m->wbuf + m->wpos, m->wsize - m->wpos);
482 	p9_debug(P9_DEBUG_TRANS, "mux %p sent %d bytes\n", m, err);
483 	if (err == -EAGAIN)
484 		goto end_clear;
485 
486 
487 	if (err < 0)
488 		goto error;
489 	else if (err == 0) {
490 		err = -EREMOTEIO;
491 		goto error;
492 	}
493 
494 	m->wpos += err;
495 	if (m->wpos == m->wsize) {
496 		m->wpos = m->wsize = 0;
497 		p9_req_put(m->wreq);
498 		m->wreq = NULL;
499 	}
500 
501 end_clear:
502 	clear_bit(Wworksched, &m->wsched);
503 
504 	if (m->wsize || !list_empty(&m->unsent_req_list)) {
505 		if (test_and_clear_bit(Wpending, &m->wsched))
506 			n = EPOLLOUT;
507 		else
508 			n = p9_fd_poll(m->client, NULL, NULL);
509 
510 		if ((n & EPOLLOUT) &&
511 		   !test_and_set_bit(Wworksched, &m->wsched)) {
512 			p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m);
513 			schedule_work(&m->wq);
514 		}
515 	}
516 
517 	return;
518 
519 error:
520 	p9_conn_cancel(m, err);
521 	clear_bit(Wworksched, &m->wsched);
522 }
523 
524 static int p9_pollwake(wait_queue_entry_t *wait, unsigned int mode, int sync, void *key)
525 {
526 	struct p9_poll_wait *pwait =
527 		container_of(wait, struct p9_poll_wait, wait);
528 	struct p9_conn *m = pwait->conn;
529 	unsigned long flags;
530 
531 	spin_lock_irqsave(&p9_poll_lock, flags);
532 	if (list_empty(&m->poll_pending_link))
533 		list_add_tail(&m->poll_pending_link, &p9_poll_pending_list);
534 	spin_unlock_irqrestore(&p9_poll_lock, flags);
535 
536 	schedule_work(&p9_poll_work);
537 	return 1;
538 }
539 
540 /**
541  * p9_pollwait - add poll task to the wait queue
542  * @filp: file pointer being polled
543  * @wait_address: wait_q to block on
544  * @p: poll state
545  *
546  * called by files poll operation to add v9fs-poll task to files wait queue
547  */
548 
549 static void
550 p9_pollwait(struct file *filp, wait_queue_head_t *wait_address, poll_table *p)
551 {
552 	struct p9_conn *m = container_of(p, struct p9_conn, pt);
553 	struct p9_poll_wait *pwait = NULL;
554 	int i;
555 
556 	for (i = 0; i < ARRAY_SIZE(m->poll_wait); i++) {
557 		if (m->poll_wait[i].wait_addr == NULL) {
558 			pwait = &m->poll_wait[i];
559 			break;
560 		}
561 	}
562 
563 	if (!pwait) {
564 		p9_debug(P9_DEBUG_ERROR, "not enough wait_address slots\n");
565 		return;
566 	}
567 
568 	pwait->conn = m;
569 	pwait->wait_addr = wait_address;
570 	init_waitqueue_func_entry(&pwait->wait, p9_pollwake);
571 	add_wait_queue(wait_address, &pwait->wait);
572 }
573 
574 /**
575  * p9_conn_create - initialize the per-session mux data
576  * @client: client instance
577  *
578  * Note: Creates the polling task if this is the first session.
579  */
580 
581 static void p9_conn_create(struct p9_client *client)
582 {
583 	__poll_t n;
584 	struct p9_trans_fd *ts = client->trans;
585 	struct p9_conn *m = &ts->conn;
586 
587 	p9_debug(P9_DEBUG_TRANS, "client %p msize %d\n", client, client->msize);
588 
589 	INIT_LIST_HEAD(&m->mux_list);
590 	m->client = client;
591 
592 	INIT_LIST_HEAD(&m->req_list);
593 	INIT_LIST_HEAD(&m->unsent_req_list);
594 	INIT_WORK(&m->rq, p9_read_work);
595 	INIT_WORK(&m->wq, p9_write_work);
596 	INIT_LIST_HEAD(&m->poll_pending_link);
597 	init_poll_funcptr(&m->pt, p9_pollwait);
598 
599 	n = p9_fd_poll(client, &m->pt, NULL);
600 	if (n & EPOLLIN) {
601 		p9_debug(P9_DEBUG_TRANS, "mux %p can read\n", m);
602 		set_bit(Rpending, &m->wsched);
603 	}
604 
605 	if (n & EPOLLOUT) {
606 		p9_debug(P9_DEBUG_TRANS, "mux %p can write\n", m);
607 		set_bit(Wpending, &m->wsched);
608 	}
609 }
610 
611 /**
612  * p9_poll_mux - polls a mux and schedules read or write works if necessary
613  * @m: connection to poll
614  *
615  */
616 
617 static void p9_poll_mux(struct p9_conn *m)
618 {
619 	__poll_t n;
620 	int err = -ECONNRESET;
621 
622 	if (m->err < 0)
623 		return;
624 
625 	n = p9_fd_poll(m->client, NULL, &err);
626 	if (n & (EPOLLERR | EPOLLHUP | EPOLLNVAL)) {
627 		p9_debug(P9_DEBUG_TRANS, "error mux %p err %d\n", m, n);
628 		p9_conn_cancel(m, err);
629 	}
630 
631 	if (n & EPOLLIN) {
632 		set_bit(Rpending, &m->wsched);
633 		p9_debug(P9_DEBUG_TRANS, "mux %p can read\n", m);
634 		if (!test_and_set_bit(Rworksched, &m->wsched)) {
635 			p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m);
636 			schedule_work(&m->rq);
637 		}
638 	}
639 
640 	if (n & EPOLLOUT) {
641 		set_bit(Wpending, &m->wsched);
642 		p9_debug(P9_DEBUG_TRANS, "mux %p can write\n", m);
643 		if ((m->wsize || !list_empty(&m->unsent_req_list)) &&
644 		    !test_and_set_bit(Wworksched, &m->wsched)) {
645 			p9_debug(P9_DEBUG_TRANS, "sched write work %p\n", m);
646 			schedule_work(&m->wq);
647 		}
648 	}
649 }
650 
651 /**
652  * p9_fd_request - send 9P request
653  * The function can sleep until the request is scheduled for sending.
654  * The function can be interrupted. Return from the function is not
655  * a guarantee that the request is sent successfully.
656  *
657  * @client: client instance
658  * @req: request to be sent
659  *
660  */
661 
662 static int p9_fd_request(struct p9_client *client, struct p9_req_t *req)
663 {
664 	__poll_t n;
665 	struct p9_trans_fd *ts = client->trans;
666 	struct p9_conn *m = &ts->conn;
667 
668 	p9_debug(P9_DEBUG_TRANS, "mux %p task %p tcall %p id %d\n",
669 		 m, current, &req->tc, req->tc.id);
670 	if (m->err < 0)
671 		return m->err;
672 
673 	spin_lock(&client->lock);
674 	req->status = REQ_STATUS_UNSENT;
675 	list_add_tail(&req->req_list, &m->unsent_req_list);
676 	spin_unlock(&client->lock);
677 
678 	if (test_and_clear_bit(Wpending, &m->wsched))
679 		n = EPOLLOUT;
680 	else
681 		n = p9_fd_poll(m->client, NULL, NULL);
682 
683 	if (n & EPOLLOUT && !test_and_set_bit(Wworksched, &m->wsched))
684 		schedule_work(&m->wq);
685 
686 	return 0;
687 }
688 
689 static int p9_fd_cancel(struct p9_client *client, struct p9_req_t *req)
690 {
691 	int ret = 1;
692 
693 	p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
694 
695 	spin_lock(&client->lock);
696 
697 	if (req->status == REQ_STATUS_UNSENT) {
698 		list_del(&req->req_list);
699 		req->status = REQ_STATUS_FLSHD;
700 		p9_req_put(req);
701 		ret = 0;
702 	}
703 	spin_unlock(&client->lock);
704 
705 	return ret;
706 }
707 
708 static int p9_fd_cancelled(struct p9_client *client, struct p9_req_t *req)
709 {
710 	p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
711 
712 	spin_lock(&client->lock);
713 	/* Ignore cancelled request if message has been received
714 	 * before lock.
715 	 */
716 	if (req->status == REQ_STATUS_RCVD) {
717 		spin_unlock(&client->lock);
718 		return 0;
719 	}
720 
721 	/* we haven't received a response for oldreq,
722 	 * remove it from the list.
723 	 */
724 	list_del(&req->req_list);
725 	req->status = REQ_STATUS_FLSHD;
726 	spin_unlock(&client->lock);
727 	p9_req_put(req);
728 
729 	return 0;
730 }
731 
732 static int p9_fd_show_options(struct seq_file *m, struct p9_client *clnt)
733 {
734 	if (clnt->trans_mod == &p9_tcp_trans) {
735 		if (clnt->trans_opts.tcp.port != P9_PORT)
736 			seq_printf(m, ",port=%u", clnt->trans_opts.tcp.port);
737 	} else if (clnt->trans_mod == &p9_fd_trans) {
738 		if (clnt->trans_opts.fd.rfd != ~0)
739 			seq_printf(m, ",rfd=%u", clnt->trans_opts.fd.rfd);
740 		if (clnt->trans_opts.fd.wfd != ~0)
741 			seq_printf(m, ",wfd=%u", clnt->trans_opts.fd.wfd);
742 	}
743 	return 0;
744 }
745 
746 /**
747  * parse_opts - parse mount options into p9_fd_opts structure
748  * @params: options string passed from mount
749  * @opts: fd transport-specific structure to parse options into
750  *
751  * Returns 0 upon success, -ERRNO upon failure
752  */
753 
754 static int parse_opts(char *params, struct p9_fd_opts *opts)
755 {
756 	char *p;
757 	substring_t args[MAX_OPT_ARGS];
758 	int option;
759 	char *options, *tmp_options;
760 
761 	opts->port = P9_PORT;
762 	opts->rfd = ~0;
763 	opts->wfd = ~0;
764 	opts->privport = false;
765 
766 	if (!params)
767 		return 0;
768 
769 	tmp_options = kstrdup(params, GFP_KERNEL);
770 	if (!tmp_options) {
771 		p9_debug(P9_DEBUG_ERROR,
772 			 "failed to allocate copy of option string\n");
773 		return -ENOMEM;
774 	}
775 	options = tmp_options;
776 
777 	while ((p = strsep(&options, ",")) != NULL) {
778 		int token;
779 		int r;
780 		if (!*p)
781 			continue;
782 		token = match_token(p, tokens, args);
783 		if ((token != Opt_err) && (token != Opt_privport)) {
784 			r = match_int(&args[0], &option);
785 			if (r < 0) {
786 				p9_debug(P9_DEBUG_ERROR,
787 					 "integer field, but no integer?\n");
788 				continue;
789 			}
790 		}
791 		switch (token) {
792 		case Opt_port:
793 			opts->port = option;
794 			break;
795 		case Opt_rfdno:
796 			opts->rfd = option;
797 			break;
798 		case Opt_wfdno:
799 			opts->wfd = option;
800 			break;
801 		case Opt_privport:
802 			opts->privport = true;
803 			break;
804 		default:
805 			continue;
806 		}
807 	}
808 
809 	kfree(tmp_options);
810 	return 0;
811 }
812 
813 static int p9_fd_open(struct p9_client *client, int rfd, int wfd)
814 {
815 	struct p9_trans_fd *ts = kzalloc(sizeof(struct p9_trans_fd),
816 					   GFP_KERNEL);
817 	if (!ts)
818 		return -ENOMEM;
819 
820 	ts->rd = fget(rfd);
821 	if (!ts->rd)
822 		goto out_free_ts;
823 	if (!(ts->rd->f_mode & FMODE_READ))
824 		goto out_put_rd;
825 	ts->wr = fget(wfd);
826 	if (!ts->wr)
827 		goto out_put_rd;
828 	if (!(ts->wr->f_mode & FMODE_WRITE))
829 		goto out_put_wr;
830 
831 	client->trans = ts;
832 	client->status = Connected;
833 
834 	return 0;
835 
836 out_put_wr:
837 	fput(ts->wr);
838 out_put_rd:
839 	fput(ts->rd);
840 out_free_ts:
841 	kfree(ts);
842 	return -EIO;
843 }
844 
845 static int p9_socket_open(struct p9_client *client, struct socket *csocket)
846 {
847 	struct p9_trans_fd *p;
848 	struct file *file;
849 
850 	p = kzalloc(sizeof(struct p9_trans_fd), GFP_KERNEL);
851 	if (!p)
852 		return -ENOMEM;
853 
854 	csocket->sk->sk_allocation = GFP_NOIO;
855 	file = sock_alloc_file(csocket, 0, NULL);
856 	if (IS_ERR(file)) {
857 		pr_err("%s (%d): failed to map fd\n",
858 		       __func__, task_pid_nr(current));
859 		kfree(p);
860 		return PTR_ERR(file);
861 	}
862 
863 	get_file(file);
864 	p->wr = p->rd = file;
865 	client->trans = p;
866 	client->status = Connected;
867 
868 	p->rd->f_flags |= O_NONBLOCK;
869 
870 	p9_conn_create(client);
871 	return 0;
872 }
873 
874 /**
875  * p9_conn_destroy - cancels all pending requests of mux
876  * @m: mux to destroy
877  *
878  */
879 
880 static void p9_conn_destroy(struct p9_conn *m)
881 {
882 	p9_debug(P9_DEBUG_TRANS, "mux %p prev %p next %p\n",
883 		 m, m->mux_list.prev, m->mux_list.next);
884 
885 	p9_mux_poll_stop(m);
886 	cancel_work_sync(&m->rq);
887 	if (m->rreq) {
888 		p9_req_put(m->rreq);
889 		m->rreq = NULL;
890 	}
891 	cancel_work_sync(&m->wq);
892 	if (m->wreq) {
893 		p9_req_put(m->wreq);
894 		m->wreq = NULL;
895 	}
896 
897 	p9_conn_cancel(m, -ECONNRESET);
898 
899 	m->client = NULL;
900 }
901 
902 /**
903  * p9_fd_close - shutdown file descriptor transport
904  * @client: client instance
905  *
906  */
907 
908 static void p9_fd_close(struct p9_client *client)
909 {
910 	struct p9_trans_fd *ts;
911 
912 	if (!client)
913 		return;
914 
915 	ts = client->trans;
916 	if (!ts)
917 		return;
918 
919 	client->status = Disconnected;
920 
921 	p9_conn_destroy(&ts->conn);
922 
923 	if (ts->rd)
924 		fput(ts->rd);
925 	if (ts->wr)
926 		fput(ts->wr);
927 
928 	kfree(ts);
929 }
930 
931 /*
932  * stolen from NFS - maybe should be made a generic function?
933  */
934 static inline int valid_ipaddr4(const char *buf)
935 {
936 	int rc, count, in[4];
937 
938 	rc = sscanf(buf, "%d.%d.%d.%d", &in[0], &in[1], &in[2], &in[3]);
939 	if (rc != 4)
940 		return -EINVAL;
941 	for (count = 0; count < 4; count++) {
942 		if (in[count] > 255)
943 			return -EINVAL;
944 	}
945 	return 0;
946 }
947 
948 static int p9_bind_privport(struct socket *sock)
949 {
950 	struct sockaddr_in cl;
951 	int port, err = -EINVAL;
952 
953 	memset(&cl, 0, sizeof(cl));
954 	cl.sin_family = AF_INET;
955 	cl.sin_addr.s_addr = htonl(INADDR_ANY);
956 	for (port = p9_ipport_resv_max; port >= p9_ipport_resv_min; port--) {
957 		cl.sin_port = htons((ushort)port);
958 		err = kernel_bind(sock, (struct sockaddr *)&cl, sizeof(cl));
959 		if (err != -EADDRINUSE)
960 			break;
961 	}
962 	return err;
963 }
964 
965 
966 static int
967 p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args)
968 {
969 	int err;
970 	struct socket *csocket;
971 	struct sockaddr_in sin_server;
972 	struct p9_fd_opts opts;
973 
974 	err = parse_opts(args, &opts);
975 	if (err < 0)
976 		return err;
977 
978 	if (addr == NULL || valid_ipaddr4(addr) < 0)
979 		return -EINVAL;
980 
981 	csocket = NULL;
982 
983 	client->trans_opts.tcp.port = opts.port;
984 	client->trans_opts.tcp.privport = opts.privport;
985 	sin_server.sin_family = AF_INET;
986 	sin_server.sin_addr.s_addr = in_aton(addr);
987 	sin_server.sin_port = htons(opts.port);
988 	err = __sock_create(current->nsproxy->net_ns, PF_INET,
989 			    SOCK_STREAM, IPPROTO_TCP, &csocket, 1);
990 	if (err) {
991 		pr_err("%s (%d): problem creating socket\n",
992 		       __func__, task_pid_nr(current));
993 		return err;
994 	}
995 
996 	if (opts.privport) {
997 		err = p9_bind_privport(csocket);
998 		if (err < 0) {
999 			pr_err("%s (%d): problem binding to privport\n",
1000 			       __func__, task_pid_nr(current));
1001 			sock_release(csocket);
1002 			return err;
1003 		}
1004 	}
1005 
1006 	err = csocket->ops->connect(csocket,
1007 				    (struct sockaddr *)&sin_server,
1008 				    sizeof(struct sockaddr_in), 0);
1009 	if (err < 0) {
1010 		pr_err("%s (%d): problem connecting socket to %s\n",
1011 		       __func__, task_pid_nr(current), addr);
1012 		sock_release(csocket);
1013 		return err;
1014 	}
1015 
1016 	return p9_socket_open(client, csocket);
1017 }
1018 
1019 static int
1020 p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
1021 {
1022 	int err;
1023 	struct socket *csocket;
1024 	struct sockaddr_un sun_server;
1025 
1026 	csocket = NULL;
1027 
1028 	if (!addr || !strlen(addr))
1029 		return -EINVAL;
1030 
1031 	if (strlen(addr) >= UNIX_PATH_MAX) {
1032 		pr_err("%s (%d): address too long: %s\n",
1033 		       __func__, task_pid_nr(current), addr);
1034 		return -ENAMETOOLONG;
1035 	}
1036 
1037 	sun_server.sun_family = PF_UNIX;
1038 	strcpy(sun_server.sun_path, addr);
1039 	err = __sock_create(current->nsproxy->net_ns, PF_UNIX,
1040 			    SOCK_STREAM, 0, &csocket, 1);
1041 	if (err < 0) {
1042 		pr_err("%s (%d): problem creating socket\n",
1043 		       __func__, task_pid_nr(current));
1044 
1045 		return err;
1046 	}
1047 	err = csocket->ops->connect(csocket, (struct sockaddr *)&sun_server,
1048 			sizeof(struct sockaddr_un) - 1, 0);
1049 	if (err < 0) {
1050 		pr_err("%s (%d): problem connecting socket: %s: %d\n",
1051 		       __func__, task_pid_nr(current), addr, err);
1052 		sock_release(csocket);
1053 		return err;
1054 	}
1055 
1056 	return p9_socket_open(client, csocket);
1057 }
1058 
1059 static int
1060 p9_fd_create(struct p9_client *client, const char *addr, char *args)
1061 {
1062 	int err;
1063 	struct p9_fd_opts opts;
1064 
1065 	parse_opts(args, &opts);
1066 	client->trans_opts.fd.rfd = opts.rfd;
1067 	client->trans_opts.fd.wfd = opts.wfd;
1068 
1069 	if (opts.rfd == ~0 || opts.wfd == ~0) {
1070 		pr_err("Insufficient options for proto=fd\n");
1071 		return -ENOPROTOOPT;
1072 	}
1073 
1074 	err = p9_fd_open(client, opts.rfd, opts.wfd);
1075 	if (err < 0)
1076 		return err;
1077 
1078 	p9_conn_create(client);
1079 
1080 	return 0;
1081 }
1082 
1083 static struct p9_trans_module p9_tcp_trans = {
1084 	.name = "tcp",
1085 	.maxsize = MAX_SOCK_BUF,
1086 	.def = 0,
1087 	.create = p9_fd_create_tcp,
1088 	.close = p9_fd_close,
1089 	.request = p9_fd_request,
1090 	.cancel = p9_fd_cancel,
1091 	.cancelled = p9_fd_cancelled,
1092 	.show_options = p9_fd_show_options,
1093 	.owner = THIS_MODULE,
1094 };
1095 
1096 static struct p9_trans_module p9_unix_trans = {
1097 	.name = "unix",
1098 	.maxsize = MAX_SOCK_BUF,
1099 	.def = 0,
1100 	.create = p9_fd_create_unix,
1101 	.close = p9_fd_close,
1102 	.request = p9_fd_request,
1103 	.cancel = p9_fd_cancel,
1104 	.cancelled = p9_fd_cancelled,
1105 	.show_options = p9_fd_show_options,
1106 	.owner = THIS_MODULE,
1107 };
1108 
1109 static struct p9_trans_module p9_fd_trans = {
1110 	.name = "fd",
1111 	.maxsize = MAX_SOCK_BUF,
1112 	.def = 0,
1113 	.create = p9_fd_create,
1114 	.close = p9_fd_close,
1115 	.request = p9_fd_request,
1116 	.cancel = p9_fd_cancel,
1117 	.cancelled = p9_fd_cancelled,
1118 	.show_options = p9_fd_show_options,
1119 	.owner = THIS_MODULE,
1120 };
1121 
1122 /**
1123  * p9_poll_workfn - poll worker thread
1124  * @work: work queue
1125  *
1126  * polls all v9fs transports for new events and queues the appropriate
1127  * work to the work queue
1128  *
1129  */
1130 
1131 static void p9_poll_workfn(struct work_struct *work)
1132 {
1133 	unsigned long flags;
1134 
1135 	p9_debug(P9_DEBUG_TRANS, "start %p\n", current);
1136 
1137 	spin_lock_irqsave(&p9_poll_lock, flags);
1138 	while (!list_empty(&p9_poll_pending_list)) {
1139 		struct p9_conn *conn = list_first_entry(&p9_poll_pending_list,
1140 							struct p9_conn,
1141 							poll_pending_link);
1142 		list_del_init(&conn->poll_pending_link);
1143 		spin_unlock_irqrestore(&p9_poll_lock, flags);
1144 
1145 		p9_poll_mux(conn);
1146 
1147 		spin_lock_irqsave(&p9_poll_lock, flags);
1148 	}
1149 	spin_unlock_irqrestore(&p9_poll_lock, flags);
1150 
1151 	p9_debug(P9_DEBUG_TRANS, "finish\n");
1152 }
1153 
1154 int p9_trans_fd_init(void)
1155 {
1156 	v9fs_register_trans(&p9_tcp_trans);
1157 	v9fs_register_trans(&p9_unix_trans);
1158 	v9fs_register_trans(&p9_fd_trans);
1159 
1160 	return 0;
1161 }
1162 
1163 void p9_trans_fd_exit(void)
1164 {
1165 	flush_work(&p9_poll_work);
1166 	v9fs_unregister_trans(&p9_tcp_trans);
1167 	v9fs_unregister_trans(&p9_unix_trans);
1168 	v9fs_unregister_trans(&p9_fd_trans);
1169 }
1170